Risk Assessment

1. Description of Service

The Massachusetts Office of Information Technology (MassIT) provides Technical Risk Assessment services to agencies wishing to deploy applications, whether internal to MAGnet or internet-facing. This service uses the NIST Special Publication 800-30 "Risk Management Guide for Information Technology Systems" as its primary reference framework. A written report is produced.

2. Service Targets/Hours of Availability

Initial reviews will be completed within 15 business days. If a customer's submission for an assessment is found to be non-compliant with Enterprise Policy or is found to be insecure, additional time will be required. The amount of additional time will depend on the complexity of the issue(s) identified and the available mitigations.

The MassIT Security Office will assist the customer in identifying potentially viable mitigation strategies to achieve compliance.

*For new service requests only. To manage existing requests, please log into COMiT.

5. Customer Responsibilities

Customers and their business partners are expected to develop applications in conformance with Enterprise Policies and Standards while also adhering to the stipulations of Executive Order 504 in their treatment of sensitive data.

Customers also need to be familiar with the ramifications for them of MGL Section 93 (related to Data Breach Notifications) should a breach of their system(s) occur.

Tool Name: Baynote, Inc. Recommendations

The information below summarizes privacy policy terms related to content recommendations on Mass.Gov and is excerpted from the full Mass.gov privacy policy.

Purpose: Displays relevant content recommendations based on the site usage pattern of all users of Mass.Gov. If Personalization is enabled (the default setting), your personal site usage pattern today and on prior visits to Mass.gov will be displayed to you and will also be a factor in determining personalized relevant recommendations for you.

Data Collected: A random anonymous unique identifier is assigned and tracked for each user of the website. This identifier is sent to our vendor, Baynote, when you view a page, open a document or click a link on Mass.Gov. Our vendor then analyzes the specific content that was viewed and provides recommendations for similar content that you may find useful. A full description of what data Baynote collects and how it uses this data is available at http://www.baynote.com/baynote-services-privacy-policy/. Please note that the tool uses persistent cookies. These cookies will be Mass.gov domain cookies and not Baynote domain cookies. The cookies will store information related to a user’s Mass.gov Web site usage, including the URL and title of sites recently visited and the random anonymous unique identifier assigned to the user. In general, and as described in more detail in Baynote’s service privacy policy linked to above, Baynote only uses the personalized information it gathers to provide recommendation services and display past usage for Mass.Gov users and will not share this information with any third parties, including advertisers. The information collected will not affect content you may see on sites unaffiliated with Mass.Gov.

Express Opt Out: If personalization of recommendations based on the content you view is not desired, or you do not wish to display a list of recently viewed Mass.gov pages, you may turn personalization off. You can do this by using either the switch located below in this privacy policy or an identical switch located directly above the content recommendations and recently viewed content boxes displayed on the Mass.gov site. Once you turn off personalization, your content recommendations will be based on the overall traffic patterns of all users of Mass.Gov and they will not specifically take into account your own personal usage patterns. If you turn off personalization, information collected by this Tool that is associated with your content usage will be deleted from your cookies, and no further information about your content usage will be sent to our vendor.

Disabling personalization will affect both content recommendations and recently viewed page links. If you turn off personalization, this “off” setting will persist as you browse Mass.Gov and during any future sessions. The opt-out setting is stored in a persistent cookie on your computer. The setting will remain in effect so long as you use the same computer with the same Internet browser. If you delete the cookie that contains the opt-out setting or use a different browser or computer, personalization will be enabled and you will need to disable it again on your next visit, if desired.

For our full privacy policy, please close this window and see the Site Policies or Privacy Policy link in the footer of the page.